@bulwark/langchain

Bulwark integration for LangChain — authenticated tools and credential-aware agents.

Installation

npm install @bulwark/langchain

Quick Start

import { ChatAnthropic } from "@langchain/anthropic";
import { AgentExecutor, createToolCallingAgent } from "langchain/agents";
import { BulwarkToolkit } from "@bulwark/langchain";

// Initialize Bulwark toolkit for your agent
const toolkit = new BulwarkToolkit({
  tenantId: process.env.BULWARK_TENANT_ID!,
  agentId: process.env.BULWARK_AGENT_ID!,
  agentApiKey: process.env.BULWARK_AGENT_KEY!,
  userId: "usr_01j...", // the human on whose behalf the agent acts
});

await toolkit.init(); // creates a Bulwark session

const tools = await toolkit.getTools(); // returns credential-injected tools

const llm = new ChatAnthropic({ model: "claude-opus-4-6" });
const agent = createToolCallingAgent({ llm, tools, prompt });
const executor = new AgentExecutor({ agent, tools });

const result = await executor.invoke({ input: "Search GitHub for Bulwark" });
await toolkit.close(); // completes the Bulwark session

BulwarkToolkit

Methods

class BulwarkToolkit {
  constructor(options: BulwarkToolkitOptions);

  // Initialize — creates a Bulwark agent session
  init(): Promise<void>;

  // Get authenticated tools
  getTools(): Promise<StructuredTool[]>;

  // Close — completes the Bulwark session
  close(): Promise<void>;

  // Access the raw session
  readonly session: BulwarkSession;
}

Options

interface BulwarkToolkitOptions {
  tenantId: string;
  agentId: string;
  agentApiKey: string;
  userId?: string;            // for user-delegated sessions
  requestedScopes?: string[]; // defaults to agent's registered scopes
  baseUrl?: string;
}

Built-in Credential Tools

When credentials are stored in the Token Vault, Bulwark automatically injects them:

const tools = await toolkit.getTools();
// Returns tools like:
// - GitHubSearchTool (uses stored GitHub token)
// - SlackPostTool (uses stored Slack token)
// - LinearCreateIssueTool (uses stored Linear token)

Custom Tools with Credential Injection

import { BulwarkProxyTool } from "@bulwark/langchain";

const githubTool = new BulwarkProxyTool({
  name: "github_api",
  description: "Call the GitHub API",
  credentialId: "cred_github",
  toolkit,
  schema: z.object({
    path: z.string().describe("GitHub API path"),
  }),
  buildRequest: ({ path }) => ({
    method: "GET",
    url: `https://api.github.com${path}`,
  }),
});

CIBA in LangChain

import { CIBAApprovalTool } from "@bulwark/langchain";

const paymentTool = new CIBAApprovalTool({
  toolkit,
  name: "send_payment",
  description: "Send a payment — requires human approval",
  approvalScope: "approve:payment",
  onApproved: async ({ amount, recipient }) => {
    // Execute payment after human approves
  },
});